<?php
ob_start();
session_start();
include('connect.php');
$user = $_POST['username'];
$password = $_POST['password'];

$query  = "SELECT * FROM users where username='".trim($user)."' and confirm=1";
$result = mysql_query($query);
if(mysql_num_rows($result)!="")
{ 
while($row = mysql_fetch_assoc($result))
{

if(trim($password)==trim($row['password']))
{ 
$_SESSION['uid']= $row['uid'];
$_SESSION['fname']= $row['fname'];
$_SESSION['lname']= $row['lname'];
$_SESSION['username']= $row['email'];
$_SESSION['password']= $row['password'];
$_SESSION['usertype']= $row['usertype'];

if(isset($_SESSION['url'])) 
   $url = $_SESSION['url']; // holds url for last page visited.
   //echo $url;
else 
   $url = "index.php"; // default page for 

header("Location: $url"); // perform correct redirect.

exit;
 } 
 else
 { 
 header('Location:login.php?er=1');
 }
 }  
}
else
{ 
header('Location:login.php?er=2');
}
ob_flush();
?>